SFPC - Security Fundamentals Professional Insider Threat Awareness Questions and Answers

Question 1

An employee with authorized access to sensitive project files is observed exhibiting several potential risk indicators. They have recently started working unusually late hours, expressed significant dissatisfaction with management, and have been attempting to access files unrelated to their job responsibilities. These behaviors are MOST indicative of what type of threat?

Accepted Answer

A potential malicious insider threat.

Answer

The combination of behavioral indicators (dissatisfaction, unusual hours) and technical indicators (attempting to access unauthorized information) strongly suggests a potential malicious insider threat, where an individual intentionally uses their authorized access to cause harm.

Question 2

Which of the following describes an unintentional insider threat?

Accepted Answer

A contractor who clicks on a phishing email link, inadvertently installing malware on the network.

Answer

An unintentional insider threat occurs when an authorized user inadvertently causes harm without malicious intent. Clicking on a phishing link is a classic example of an accidental action that can lead to a significant security breach. The other options all describe deliberate, malicious actions.

Question 3

A security manager is reviewing network logs as part of the organization's insider threat program. Which of the following activities would be considered a primary technical indicator of a potential insider threat?

Accepted Answer

A large volume of data being downloaded to a removable storage device from a sensitive database.

Answer

Massive data exfiltration, such as downloading large volumes of data to a USB drive, is a critical technical indicator of a potential insider threat. While the other options may be policy violations, the large-scale movement of sensitive data is a much stronger and more direct indicator of potential theft or compromise.

Question 4

What is the primary purpose of establishing a formal Insider Threat Program within an organization?

Accepted Answer

To deter, detect, and mitigate threats posed by individuals with authorized access to organizational resources.

Answer

The core goal of an insider threat program is to provide a comprehensive, centralized capability to deter, detect, and mitigate risks from insiders who may intentionally or unintentionally harm the organization. This includes employees, contractors, and partners with authorized access.

Question 5

An employee observes a coworker using a personal smartphone to photograph documents marked 'Confidential' at their desk, a clear violation of company policy. What is the MOST appropriate immediate action for the observing employee to take?

Accepted Answer

Report the observation to their designated security manager or through the official insider threat reporting channel.

Answer

Employees have a responsibility to report potential security incidents and insider threat indicators. The proper procedure is to report the activity through official channels, such as to a supervisor, Facility Security Officer (FSO), or a designated insider threat program official, so it can be investigated appropriately.

SFPC - Security Fundamentals Professional Certification Practice Test

SFPC - Security Fundamentals Professional Certification Practice Test

SFPC - Security Fundamentals Professional Insider Threat Awareness Questions and Answers